Researchers with QiAnXin's RedDrip Team discovered a phishing campaign bearing the group's stamp.
This new campaign utilizes poisoned files that appear to be health advisories sent by the Indian government. These days, people are desperate for information about the Coronavirus, and the hacking group is taking full advantage.
Their poisoned documents are being opened at an alarming rate, and when they are, a malicious tool called the Crimson RAT (Remote Administration Tool) is being installed.
This tool allows the hacker group to, (among other things):
- Capture screenshots
- Collect information about the antivirus software the victim's computer or device uses
- Make use of TCP protocols for communicating with the command and control server
- Stealing credentials from the victim's browser
- Listing running process, drives and directories on the victim's machine
- Retrie files from its C&C server
For the time being, the group has contented themselves with operations in India, but they're not the only state sponsored threat actor on the world stage. They're certainly not the only ones to be using the fear surrounding the Coronavirus as cover for their nefarious activities.
Be sure your employees are aware of this new threat, and adopt the policy of not opening any health related information you get via email. If you want to know the latest information available, instruct your team to go to the CDC's website and pull it straight from the source.
Keep your employees and your business safe against opportunist and hackers amid the coronavirus pandemic. Call SpartanTec, Inc. and let our team set in place the appropriate online security measures for you and your remote workers.
SpartanTec, Inc. Columbia, SC 29201 (803) 408-7166 http://manageditservicescolumbia.com/
cities served:
Columbia, West Columbia, Cayce, St Andrews, Lexington, Oak Grove
No comments:
Post a Comment